The end of the year is upon us, and this is always a good time of year to reflect, recharge, and prepare for new and exciting things to come. Cybersecurity news remained steady throughout 2021, with several significant data breaches and developing threats dominating headlines. Businesses of all sizes continued to realize that they are not immune from security risks while consumers increased their expectations regarding data privacy and awareness.
As we close out the calendar year, looking back at the biggest stories, developments, and events within the area of business-related cybersecurity serves as a necessary means to plan and prepare for what’s next.
Major Data Breaches Affect All Industries
It was another banner year for data breaches. While the complete figures have yet to be tallied, 2021 has already broken the record for the number of breaches in a single year. The previous all-time high of 1,529 was set in 2017, and with 1,291 data breaches through the 3rd quarter, it’s safe to assume a new annual high mark was set in the final months of the year.
The Colonial Pipeline breach was arguably the most significant incident from a publicity perspective. This one event gained widespread attention for the direct effect that it had on the fuel supply for a large segment of the US population. It was a bold ransomware attack that shut down the supply chain for a few days and sparked panic buying and fuel shortages. It also attracted government involvement at the federal and state levels. The feds stepped in to help sort out the situation, and several state governors declared State of Emergency orders in response.
The Kaseya attack was another notable incident, perpetrated by the notorious hacker group REvil. Kaseya is a commonly used business software product, and this attack made headlines for how widespread the event was. The hackers successfully inserted malware into a Kaseya update that was then downloaded by hundreds of different companies that use the software in daily operations. The effects were drastic and quick, with ransomware appearing within the systems of numerous businesses, grocery stores, and even schools.
Another supply chain incident that received worldwide attention was the JBS cyberattack in the summer. Threat actors hit one of the largest global meat suppliers with a ransomware attack that shut down operations and limited the food supply across the world. This example showed just how unscrupulous hackers could be. They don’t care if people go hungry or have limited access to critical supplies, and they will attack any vulnerable business without concern for the consequences to the public.
Healthcare was a steady target for attacks throughout the year. There were numerous large data breaches in this sector, exposing the personal health information of over 40 million people. The attacks affected hospitals, clinics, and small healthcare service providers. This trend is alarming as these incidents can shut down networks for days or weeks, leading to interruptions in critical care – which brings up possible life or death scenarios that extend far beyond the common problems stemming from a financially motivated attack.
Business Regulations for Data Security on the Rise
The year also highlighted a rise in regulations for data security affecting businesses of all shapes and sizes. This is a good thing for the state of cybersecurity in general. Still, it also means that fines and other potential penalties for businesses are increasingly possible.
Acts of legislation such as the CCPA and GDPR have been on the books for some time, and these consumer-focused rules dictate how your business must deal with data security and consumer privacy. There are also a growing number of industry-specific laws such as HIPAA and the FCRA. An increase in consumer awareness of cybersecurity and data privacy is driving these acts, and more such regulations are sure to be put in place in the coming years.
If you want to avoid penalties, including fines and potential lawsuits, you need to fully understand any of these regulations that affect your industry. Non-compliance can quickly sink a small business, and larger organizations have seen significant financial repercussions. Amazon was hit with an $877 million fine when its cookie tracking practices were found to violate GDPR rules. This is a drastic example, but it should serve as a warning that regulators are taking cybersecurity issues seriously.
Looking Forward
The trends and news seen here can help us make a few assumptions looking into the new year. Cybersecurity issues – from general best practices to major data breaches to developing regulations – will remain a constant concern. This has been said before but is a good reminder for all business owners – it’s not a matter of if but when you’ll be hit with an attack or issue of some sort.
That makes pre-breach planning even more important. Playing catch-up is no longer an option, and you can’t wait until after an incident to spring into action. Having a response plan in place ahead of time is critical for businesses of all sizes that want to limit a data breach’s impact. And that should be the case for all businesses. If we can learn anything from what attackers have already done, it’s that they don’t care what your business is or who it serves. If there’s an easy opening to strike, they’ll take it.
There is always a sense of promise and potential at the turn of the year. Be sure to start 2022 off in the right direction by assessing your current cybersecurity practices. Make sure they are in-depth, involved, and in compliance with all current regulations. It only takes a single weak link in the defenses for a worst-case scenario to become reality. The more action you take ahead of time, the better your business will be poised to successfully navigate the situation when it appears.
And as always, LibertyID is here to help and assist through each step of the way. We want to see all businesses thrive, and we understand better than most how critical cybersecurity planning is toward achieving that.
LibertyID is the leader in identity theft restoration, having restored the identities of tens of thousands of individuals without fail. If you retain personal information on your customers, now is the time to get data breach planning and a response program in place with our LibertyID Business Solutions data breach preparation program. With LibertyID Enterprise you can now add value to existing products, services, or relationships by covering your customers, employees, or members with LibertyID’s fully managed identity theft restoration service – at a fraction of our retail price – with no enrollment and no file sharing. We have no direct communication with your group members – until they need us.
Call us now for a no obligation proposal at 844-44-LIBERTY (844) 445-4237